Oracle Linux 9 : runc (ELSA-2024-2180)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2180 advisory. 4:1.1.12-2 - Switch dependency on criu to Recommends - Resolves: RHEL-25116 Tenable has extracted the preceding description block directly from the...

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-2272)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2272 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540...

GHSA-346H-749J-R28W PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

GO-2023-2375 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

Marvin Attack: potential key recovery through timing sidechannels

Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches No patch is yet available, however work is underway to migrate...

GHSA-C38W-74PG-36HR Marvin Attack: potential key recovery through timing sidechannels

Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches No patch is yet available, however work is underway to migrate...

CVE-2023-49092 RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

CVE-2023-49092 RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

RUSTSEC-2023-0071 Marvin Attack: potential key recovery through timing sidechannels

Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches No patch is yet available, however work is underway to migrate...